consider adding expiration datetime to private_key session var

https://github.com/enowars/enowars8-service-ENOFT/blob/f985a5286d15ed3194f025c7f20a39c53031d54f/service/src/auth.py#L142

If `/download_key` is never invoked, then the private key can be called as much as a user wants to.